CVE-2007-5378 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tk Toolkit
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer
14 documents, 8 sources
Severity
6.8 MEDIUM NVD
NVD 4.3
EPSS: 1.4% (top 19.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 12
Latest update: May 1
Description
Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.
CVSS vector
AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9
Affected Packages: 7 packages
Vulnerability Details: 4
Vendor Advisories: 6
VMware: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (2008-06-04)
Debian: CVE-2007-5137: libtk-img - Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) ... (2007)
Debian: CVE-2007-5378: libtk-img - Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 ... (2007)